How to only use the remote introspection

Hi Team,

I’m trying to just use the remote introspection for OKTA.
I created a SPA application with PKCE. It only has the client id but no client secret.
When I configured the remote introspection inforamtion in the external authorization server, I don’t know which client secret should be input. If I leave it blank, the page doesn’t le me save.
So I just input another okta web app’s client secret.

but I alway got the error message as below:
“UnAuthorized application request”

If I remove the remote introspection information and input the local introspection information, I can get the correct result, no error “UnAuthorized application request”.

Any idea how to configure the correct remote introspection for okta SPA with PKCE?

Thanks & Regards,
Jason

Hi Jason,

Please take a look on this thread/article and it should help further with OKTA specific topic also:

HTH,
RMG

1 Like